ну я только идею обрисовал. реализация следующая (ключ в зависимости от специфики приложения)<br><br>http {<br>.........<br> limit_req_zone $uniq zone=uniq:10m
rate=1r/s;<br><br><br><br>......<br><br> server {<br>.........<br>
set $uniq $binary_remote_addr$cookie_PHPSESSIONID$uri;<br><div id=":v5">
<span class="il">limit_req</span> zone=uniq burst=1;<br>
<br><br></div><br><br><div class="gmail_quote">2011/3/28 Алексей Масленников <span dir="ltr"><<a href="mailto:minisotm@gmail.com">minisotm@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div bgcolor="#ffffff" text="#000000">
Что-то не пашет, или может я не догоняю.<br>
<br>
Говорит:<br>
<br>
Restarting nginx: [emerg]: unknown
"binary_remote_addr$request_uri$referer" variable<br>
<br>
On 27.03.2011 10:48, Илья Шипицин wrote:
<blockquote type="cite">все правильно, только я бы расширил ключ, скажем, до<br>
<br>
<pre><code>limit_zone http $binary_remote_addr$request_uri$referer 1m;</code></pre>
<br>
а количество соединений уменьшил до 1<br>
<br>
<div class="gmail_quote">2011/3/27 Maxim Ponomarchuk <span dir="ltr"><<a href="mailto:ponomarchuk_m@ukr.net" target="_blank">ponomarchuk_m@ukr.net</a>></span><br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div text="#000000" bgcolor="#ffffff"> Друзья.<br>
<p> Есть сервер под управлением Debian.<br>
Периодически появляется проблема связанная с тем что с
одного айпи начинает валится уйма запросов к серверу +
из-за этого вырастает LA .<br>
<br>
Например: </p>
<div>
<pre><code>cat production.log | grep 178.95.42.226
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:05) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:06) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:07) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:08) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:09) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:10) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:11) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:12) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:13) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:14) [GET]
Processing ApplicationController#index (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:15) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:16) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:17) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:22) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:24) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:26) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:27) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:28) [GET]
Processing AdvertisementsController#show (for 178.95.42.226 at 2011-03-27 07:56:30) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:31) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:32) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:33) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:34) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:35) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:36) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:37) [GET]
Processing DataController#url_redirect (for 178.95.42.226 at 2011-03-27 07:56:38) [GET]
Processing DataController#index (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:39) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:40) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:41) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:42) [GET]
Processing AdvertisementsController#upgrade (for 178.95.42.226 at 2011-03-27 07:56:43) [GET]
</code></pre>
</div>
<p>В настройках nginx поставил лимит<br>
</p>
<div>
<pre><code>
limit_zone http $binary_remote_addr 1m;
limit_conn http 10;
При тесте Siege - nginx успешно дропает соединения больше 10 в единый момент времени.
В моем же случае такое условие не совпадает.
Можно ли как сделать так </code>- если с одного айпи в течении минуты есть больше 30 обращений к серверу - то заворачивать злодея на страничку - заглушку?
<code>Или как с таким бороться?
</code></pre>
</div>
<br>
</div>
<br>
_______________________________________________<br>
nginx-ru mailing list<br>
<a href="mailto:nginx-ru@nginx.org" target="_blank">nginx-ru@nginx.org</a><br>
<a href="http://nginx.org/mailman/listinfo/nginx-ru" target="_blank">http://nginx.org/mailman/listinfo/nginx-ru</a><br>
<br>
</blockquote>
</div>
<br>
<pre><fieldset></fieldset>
_______________________________________________
nginx-ru mailing list
<a href="mailto:nginx-ru@nginx.org" target="_blank">nginx-ru@nginx.org</a>
<a href="http://nginx.org/mailman/listinfo/nginx-ru" target="_blank">http://nginx.org/mailman/listinfo/nginx-ru</a>
</pre>
</blockquote>
<br>
</div>
<br>_______________________________________________<br>
nginx-ru mailing list<br>
<a href="mailto:nginx-ru@nginx.org">nginx-ru@nginx.org</a><br>
<a href="http://nginx.org/mailman/listinfo/nginx-ru" target="_blank">http://nginx.org/mailman/listinfo/nginx-ru</a><br>
<br></blockquote></div><br>